Calling the REST API from JavaScript… from Anywhere!

IPhoneApp This is part two of a three part series showing how to call the REST API from JavaScript in various scenarios. Part one, Calling the REST API from JavaScript in Visualforce Pages, explained how to call the REST API from JavaScript in the context of a Visualforce Page, while part three, Calling the REST API from JavaScript in PhoneGap, looks at JavaScript running in mobile apps on the PhoneGap framework.

You might recall my recent blog entry on Calling the REST API from JavaScript in Visualforce Pages; in it, I mentioned that my first pass at the problem involved running a simple PHP proxy, hosted, with my JavaScript, on a separate site. Although, as I mentioned before, this isn’t the best solution, since it requires a separate host, it was sufficiently interesting that I refactored the JavaScript REST Toolkit to allow ‘do-it-yourself’ hosting as an alternative, and modified the PHP proxy to mimic our AJAX Proxy.

Also, since I wrote that last blog entry, I have created a sample mobile app based on the excellent jQuery Mobile. I am incredibly impressed with how well jQuery Mobile works, particularly since it’s still at an alpha stage – it’s easy to create a really attractive mobile app that works across a range of browsers and platforms.

The code, and documentation, for all this is in the GitHub project. Go fork it and see what you can come up with!

tagged , Bookmark the permalink. Trackbacks are closed, but you can post a comment.
  • Patrick Ecord

    I’m having issues getting this to work for me, after I hit approve on Oauth popup it returns [{“message”:”Session expired or invalid”,”errorCode”:”INVALID_SESSION_ID”}]. I am using the consumer key from the remote access section and i’ve tried passing the session id directly into the toolkit both yield the same result. Any suggestions?

  • Patrick – is the API enabled in the profile of your user? Setup > Manage Users > Users > (your user) > (the profile) > Administrative Permissions.

  • Patrick Ecord

    Yes API is enabled for the profile I am on, additionally I noticed in the login history it is showing successful Oauth login. Could there be any other settings I might have missed? If you would like to contact me directly feel free, my email is I appreciate any help I can find on this subject. I’ve included the part of the login history below, showing what I am assuming is a successful Oauth login.
    Login Time: 5/3/2011 10:06:02 AM CDT
    Login Type: Remote Access 2.0
    Status: Success
    Application: AutoDialer
    Login URL:

  • Is it possible to make a call from a .html page to the PHP proxy with the proxy hosted on a different server? I have an application that can only contain JS and html, and will have a constantly changing URL (running from a local tomcat server). I would like to host the PHP proxy and callback on a static page, however this doesn’t appear to be possible due to x-domain scripting issues. Any way around this? Thanks!

  • Hi David – you can enable CORS in the proxy.php script – to allow connections from scripts running anywhere, change

    $cors_allow_origin = null;


    $cors_allow_origin = ‘*’;

    Similarly you can specify a given script origin:

    $cors_allow_origin = ‘http://foo.example’;

    • I have tried this and have not been successful. The callback page (oauthcallback.html) gets stuck when attempting to use


      because the “opener” of this popup window is on a different server… I get the error:

      Unsafe JavaScript attempt to access frame with URL https://localhost/force-js-rest-toolkit/example.html from frame with URL Domains, protocols and ports must match.

      I also get the error:

      Uncaught TypeError: Property ‘sessionCallback’ of object [object DOMWindow] is not a function

      • The callback page needs to have the same origin as the example page, but, using CORS, the PHP proxy can be on a different server. This should be ok for you, since the callback page is just more JS and HTML.

        • I could host the callback page on the same server as the example page, however this URL is dynamic and I believe SalesForce requires you to have a unique clientId and static redirect URL… Any ideas for a work around?

          • Hi David – A couple of possible workarounds (no warranty – these were suggested to me and I haven’t tried either of them…):

            1. You could have the callback go to a server based page and poll from the client
            2. You could open a hidden iframe in the page to a centrally hosted page, that could popup our login window, and receive the callback, and then hand back to the parent page

  • Michael Shu

    Hi Pat,

    I hope to build an external website with the PHP google app engine. After I tried to use the proxy.php, I got the “500 Internal Server Error”, the detailed error is as below. Did I do something wrong on the website coding or on the Salesforce side?

    And if I use the Python google app engine to build my website, can I still use the proxy.php as the proxy server? Or there are some different way to do that?

    Remote Address:
    Request URL:
    Request Method: GET
    Status Code: 500 Internal Server Error
    Request Headers
    :method: GET
    :path: /proxy.php?_=1401259450944
    :scheme: https
    :version: HTTP/1.1
    accept: application/json, text/javascript, */*; q=0.01
    accept-encoding: gzip,deflate,sdch
    accept-language: en-US,en;q=0.8,zh-CN;q=0.6,zh;q=0.4
    content-type: application/json
    user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
    x-authorization: OAuth MY_OAUTH_CODE
    x-requested-with: XMLHttpRequest
    x-user-agent: salesforce-toolkit-rest-javascript/v27.0
    Query String Parameters view source view URL encoded
    Response Headers
    content-type: text/html
    date: Wed, 28 May 2014 06:44:17 GMT
    server: Google Frontend
    status: 500 Internal Server Error
    version: HTTP/1.1

    Michael Shu

  • Frederik Witte

    Hey, I don’t know if this should be like that, but every time I refresh the page, I need to login again and also need to authorize the app again. Firstly: Is this is a bug? Secondly, is it possible to authorize once and use the apps one subsequent sessions right away?